Still, I don't want to gate people based on age.
Parents should at least be able to overwrite the age of their child, maybe selectively allow bypasses. My experience with a computer would have been completely different if I was blocked from half of the internet. Especially when I see which kind of content gets blocked.
Zero-knowledge seems to be a bit of an oversell here. It is more like you break the knowledge up and only share the relevant parts with each party. And the facilitator (Google) arguably has access to the most information out of any of the parties involved.
Age is just one metric. I don't want zero proof tech about information X. I don't want to have an identity. Full stop.
We need "How to talk to your legislators about zero-knowledge proofs".
This seems great - one question (ideally for Alan stapleberg) why is this not available for everyone? Seems like this is only applicable to the EU? Genuine question - Why would other governments not want this for their people ? I am sure there is a flip side that EU thinks is not worth more than thier people getting this kind of privacy. But what’s has to be true for some govts to think that the flip side is more beneficial than the privacy aspect. Appreciate if someone can break down how incentive structures are different and hence the resultant choices/positions
It's not zero proof
It's moving the goal post from one entity to another.
You can also fake it by letting someone else solve it for you.
I've been trying to figure out how zero-knowledge stuff would work in practice for age verification, where "when issued" (or extremely coarse, like what year), "to whom", and "where it's used" are hidden from everyone except the individual holding the proof (since that's the gold standard, and the only one worth accepting).
I get that ZK techniques work, and reveal "nothing". That's useful.
But if they reveal nothing, isn't it wide open for abuse? Couldn't one over-18-person's proof become everyone's proof, because they can't tell it's the same proof, and the issuer can't tell where or how often the proof is being used? Or are there ways to construct data leaks that are not user-identifying but are abuse-identifying (and what would that even mean)?
Another attempt at a technological solution to a sociopolitical problem. No thanks.
Unfortunately ZKP's aren't magic.
When not doing privacy oriented cryptocurrency (cough money laundering cough) with ZKP's, if you really want private verification you are in a position where a single actor can authenticate the entire world and no one will know it happened. And to prevent it you assemble the pieces necessary to deanonymize anyone.
Make no mistake. ZKP age verification, as proposed, will just require multiple parties to collude to figure out your identity.
They can't even implement ZKP for remote attestation due to the auth-the-world problem.
What's the point of giving a single point of information about yourself to a single website, when all the websites you visit use the same trackers (from Google for example) only to merge these data points together and sell them as a package.
It is suspicious to me that "age assurance" is trending EXACTLY as AI agents become capable of autonomously operating a personal computer in the same way a human office worker would.
I'm afraid "age assurance" has nothing to do with "the children".